Version Maintenance/EOL policy

John Hawthorn · Jan 4, 2018

Previously, Solidus didn't have an explicit maintenance policy for previous
versions. We're very security conscious, so for each previous security
release we've released a patch simultaneously for all previous minor versions.

As we've released more versions, this has become more difficult. Our last set
of security patches (December 2017) required 10 new releases, which is way too
many. However we don't want to surprise users by announcing an issue with no
easy patch available to them.

To allow us to patch security issues promptly, and to make sure developers know
how long their Solidus version will receive security updates, we're introducing
the following End of Life policy:

Solidus versions will receive security patches for 18 months following their
initial release.

Versions which would hit their EOL before May 5th, 2018 (4 months from the date of this announcement) will receive security patches until May 5th, 2018. This applies to Solidus 1.0 through 2.0.

Under this policy, versions will be supported until the following dates: